[Mailman-Users] non-subscriber managed to post to a subscriberonly list

Steve Lindemann steve at marmot.org
Mon Jan 26 22:56:47 CET 2009

Mark Sapiro wrote:
> Steve Lindemann wrote:
>> Lindsay Haisley wrote:
>>> Is it possible that the list mod or admin password got out?  I believe
>>> than anyone can post to a moderated list by putting an "Approved:
>>> <password>" header or pseudo-header in a post.
>> I'm on one of the lists that accepted the message (which is how it came 
>> to my attention) and I just rechecked the message header and didn't see 
>> anything resembling that...  would mailman remove it from the header for 
>> final delivery to the list members?  Regardless, I'll see to getting 
>> passwords changed, thanks.
> Yes, any Approve: or Approved: header will be removed from the post
> whether or not the password is valid.

duh... I should have known, that only makes sense.  Sounds like the 
Approve: or Approved header is a likely candidate.  Getting those 
passwords fixed now.  Thanks.
Steve Lindemann                         __
Network Administrator                  //\\  ASCII Ribbon Campaign
Marmot Library Network, Inc.           \\//  against HTML/RTF email,
http://www.marmot.org                  //\\  vCards & M$ attachments
+1.970.242.3331 x116

More information about the Mailman-Users mailing list